Nextcloud 13 installation guide (Ubuntu 18.04 LTS)

Following this guide you will be able to install and configure Nextcloud 13 based on Ubuntu 18.04 LTS, NGINX 1.14, openssl 1.1.0h, TLSv1.3, PHP 7.2, MariaDB, Redis, fail2ban, firewall (ufw) and will achieve an A+ rating from as well Nextcloud as Qualys SSL Labs. We will request and implement your ssl certificate(s) from Let’s Encrypt in chapter 5. You only have to ammend the red marked values (YOUR.DEDYN.IO, 192.168.2.x, 22) regarding your environment!

Pre-requirements

From my perspective the requirements for this guide may be rated as low: you only have to

Don’t forget to Backup your Nextcloud

63 Responses

Because I’m planing to build my own energy efficient server, I have already read a few tutorials on the Internet, and I can say – This website is completely different beer! On this pages I found almost everything that I need. You seem very familiar with this matter. That’s why I’d like to ask You a few question.

I know that ARM based SBC can work 24/7 for years with no problems at all , and most important for me – without active cooling. Just hate noisy things in my house. But I’m not sure if an ARM based SBC can handle all that.
I’m more than sure that an Intel NUC with i5 processor is decades ahead, but I have no idea if it is OK with this 24/7 working cycle. And also not sure how noisy it is going to be.

Dear Semko, thank you very much. It depends on the amount of data and where to store all your data. It would be absolutely sufficient to use an odroid c2 or rock64 (0/zero db) or an intel nuc as i do (NUC6CAYH, noisless if you reduce the rpm in bios / 24/7 since 1,5 years.) My data are stored on a Synology DS and are mounted to Nextcloud (/etc/fstab ~ 2TB). It is already discussed in the Nextcloud Forum / Best cheap hardware. But for sure: both, the odroid C2 as well the NUC would be sufficient regarding your described purposes. Cheers, Carsten

Hi,
Sorry for all of my questions but in the nextcloud.conf file it’s a line proxy_pass http://127.0.0.1:81; and if I’m using the port 80 should I adjust that to 80 or should I still have it on 81?
The port’s that are open @ my server is port 80 and 443

I did find out the issue with the (error) NOAUTH Authentication required it’s because that I did use the hashsecret PW for redis, so I just added -a MYSECRETPASSWORD to the file and it did work after that.

Yes I did and i hav checked with local IP also it’s same. Have run the setup twice now all “https://your.dedyn.io/login” is replace by my nextcloud address.
My loacal IP 192.168.x.221 router IP 192.168.x.201 which i set on “NGINX configuration(# resolver IP is your Router-IP (e.g. your FritzBox))” also did forward ports to reach outside my network and i can ping on my nextcloud address outside network.

Here’s the out put of curl command, and i followed ur guide for ubuntu 16 it worked flawless but this one only giving problem. am not good with linux so didn’t no hot to check redis-, nginx-, php- and mysql logfiles.

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Awesome – Have been using OwnCloud on Ubuntu 14.04 but wanted to make the leap to Ubuntu 18.04 and NextCloud. Am not a strong Linux admin (have MS focus) but have been able to successfully build myself a new up to date and secure system thanks to your guide. Really appreciate it!

But I have one issue now, when I’m looking under loggs in the Nextcloud WebGUI I can see this:

The “X-XSS-Protection” HTTP header is not set to “1; mode=block”. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The “X-Robots-Tag” HTTP header is not set to “none”. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The “X-Download-Options” HTTP header is not set to “noopen”. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The “X-Permitted-Cross-Domain-Policies” HTTP header is not set to “none”. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

It seems, you choosed the NGINX from the Ubuntu 18.04 repository. This module isn’t embedded yet. So please add the repo i mentioned in the guide, remove your current NGINX and re-install the new NGINX. After a restart the mp4-module is well known by NGINX.